[Standards-JIG] proposed In-Band Registration revisions
stpeter at jabber.org
Wed Dec 7 22:20:09 UTC 2005
Several implementors have mentioned to me before that they consider the
password change and deregistration use cases in JEP-0077 to be insecure
since the old password is not required in order to complete them. (What
if someone uses your computer while you step away for a minute and
changes your password?) Therefore I have added some optional protocol
flows to JEP-0077, using Data Forms to require additional information
before allowing a password change or deregistration. As with the
JEP-0071 changes, these revisions are provisional and need to be
approved by the Jabber Council.
Rendered version: http://www.jabber.org/jeps/tmp/jep-0077-2.2.html
Feedback is welcome as always.
Jabber Software Foundation
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3641 bytes
Desc: S/MIME Cryptographic Signature
More information about the Standards